UNAMgrid Alejandro Núñez Sandoval Rio de Janeiro, Brazil, 03/27/06 F2F meeting, TAGPMA.

Presentation transcript:

UNAMgrid Alejandro Núñez Sandoval Rio de Janeiro, Brazil, 03/27/06 F2F meeting, TAGPMA

UNAMgrid Certificate Authority
UNAM is the National University of Mexico and one of the biggest universities in Mexico.
The student community is more than 265,000 students.
70% of the research in Mexico is done at UNAM.

UNAMgrid Overview
Currently the Supercomputing Department of UNAM is working on different grid projects, but these don't include a robust CA (Globus).
The focus of UNAMgrid is the R&D community in the National University and around the country.
In the first phase, the Supercomputing Department will be the principal "customer" of UNAMgrid services.

Other CA projects
FEA project, Firma Electrónica Avanzada (advanced electronic signature).
– Provides certificates to the whole community of the National University (students, academics, researchers).
RSA Solution.
UNAM-CERT participated in this project 2 years ago.
Collaborated on the documents, security issues, etc.

UNAMgrid Today
Supercomputing Department
Computer Security Department
UNAMgrid CA

UNAMgrid Today
UNAMgrid CA members:
Juan Carlos Guel, UNAM-CERT Manager, UNAMgridCA Manager
Alejandro Núñez, Technical Contact UNAMgrid
Israel Becerril, Technical Contact UNAMgrid

UNAMgrid Certificate Authority
Services:
– Management of PKI services.
– Web interface:
– Information about the CA project in UNAMgrid.
– Information in Spanish and English.
– Research in new CA technologies.

Name Space
The certificate subject name is based on the X.501 standard.
Three types of CN component:
– People.
– Hosts.
– Services.

Name space examples
– /C=MX/O=UNAMgridCA/O=organization/OU=organizational-unit/CN=subject-name
   /C=MX/O=UNAMgridCA/O=dgsca/OU=super/CN=Juan Lopez
– /C=MX/O=UNAMgridCA/O=organization/OU=org-unit/CN=host/host-dns-name
   /C=MX/O=UNAMGridCA/O=dgsca/OU=super/CN=host/pki.super.unam.mx
– /C=MX/O=UNAMGridCA/O=organization/OU=org-unit/CN=service/host-dns-name
   /C=MX/O=UNAMGridCA/O=dgsca/OU=super/CN=ftp/ftp.super.unam.mx
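The three subject-name templates above can be checked mechanically before a request is signed. The following is an added example, not code from the presentation or from UNAMgrid; the function names, the DNS-name pattern and the case-insensitive match on the CA name are assumptions of this example.

```python
import re

# RDN keys used by the slide templates; a "/" opens a new RDN only before one of these.
_ATTR = re.compile(r"/(C|O|OU|CN)=")
# Assumption (not on the slides): the host part is an ordinary dotted DNS name.
_DNS = re.compile(r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,}$", re.I)

def parse_oneline(dn):
    """Split an OpenSSL-style one-line DN into (attr, value) pairs.

    The "/" inside CN=host/pki.super.unam.mx is kept as part of the value,
    because it is not followed by a known "ATTR=" key.
    """
    marks = list(_ATTR.finditer(dn))
    if not marks or marks[0].start() != 0:
        raise ValueError("DN must start with /ATTR=")
    rdns = []
    for i, m in enumerate(marks):
        end = marks[i + 1].start() if i + 1 < len(marks) else len(dn)
        rdns.append((m.group(1), dn[m.end():end]))
    return rdns

def classify_subject(dn):
    """Return ("person" | "host" | "service", name) or raise ValueError."""
    rdns = parse_oneline(dn)
    attrs = [attr for attr, _ in rdns]
    if attrs != ["C", "O", "O", "OU", "CN"]:
        raise ValueError(f"unexpected RDN sequence: {attrs}")
    if any(not value.strip() for _, value in rdns):
        raise ValueError("empty RDN value")
    if rdns[0][1] != "MX":
        raise ValueError("C must be MX")
    # The slides spell the CA name both UNAMgridCA and UNAMGridCA, so the
    # comparison here ignores case (an assumption of this example).
    if rdns[1][1].lower() != "unamgridca":
        raise ValueError("first O must be the CA name")
    cn = rdns[4][1]
    if "/" not in cn:
        return ("person", cn)
    prefix, _, fqdn = cn.partition("/")
    if not prefix or not _DNS.match(fqdn):
        raise ValueError(f"malformed host/service CN: {cn!r}")
    return ("host", fqdn) if prefix == "host" else ("service", cn)

if __name__ == "__main__":
    # DNs taken from the name space examples on the slide.
    for dn in ("/C=MX/O=UNAMgridCA/O=dgsca/OU=super/CN=Juan Lopez",
               "/C=MX/O=UNAMGridCA/O=dgsca/OU=super/CN=host/pki.super.unam.mx"):
        print(classify_subject(dn))
```

Because the RDN sequence is compared against the fixed template, a subject that carries an additional or reordered component is rejected rather than silently accepted.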

Certificate & Key sizes
The certificates issued by UNAMgrid CA must not be used for financial transactions.
The subscriber key size is at least 1024 bits.
The UNAMgrid CA key is 2048 bits long.
– The CA certificate has a validity period of 10 years.

UNAMgrid CA Architecture

UNAMgrid Certificate Life-cycle
Revocation
Expiration
Request
Re-new

Subscriber requirements
Read and adhere to the procedures described in this document.
Use the certificate for the permitted purposes only.
Authorize the processing and retention of personal data.
Generate a key pair (at least 1024 bits).
Select a strong passphrase.
Protect the passphrase from others.
Never share the private key with other users.
Notify UNAMgrid CA in case of private key loss or compromise.

Certificate Revocation List
The subscriber has ceased to be associated with UNAMgrid.
The subscriber private key is lost or suspected to be compromised.
The private key of the UNAMgrid CA has been compromised or lost.
The CRL has a lifetime of 30 days.
A new CRL must be published immediately after its issuance.
A new CRL is issued at least 7 days before the expiration date or immediately after a revocation.

UNAMgrid CA Security
Physical access – restricted to authorized people.
– Cameras.
– Cops.
UNAMgrid CA is offline (tests will be made with our research community).
Backup every night except on weekends and holidays.
– DVD backup.
Internal auditing of the security process.
Incident report procedure.

UNAMgrid CA Status
Review in progress
Documents CP/CPS, TAGPMA Committee.
Draft 0.2, issued March 5, 2006.
Website UNAMgrid.
Technical test with OpenCA.

UNAMgrid CA Further work
Spanish documents.
OpenCA test with our research community (Mexico).
Risk assessment and contingency plan documents in progress.
RA test (1 Nuclear Science Department).

Thank you
Questions?